Vulnerability Details CVE-2026-38755
A heap overflow in the evalcommand() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 5.6%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-38755
-
cpe:2.3:a:busybox:busybox:1.38.0